Privacy Services

Browse

Privacy Services

The American Institute of Certified Public Accountants (AICPA) has developed a series of assurance and advisory services. These services are focused on building trust and confidence in businesses and are a natural extension of the CPA's auditing and information technology consulting functions. One of the services is focused on privacy of personal information. The AICPA and CPA Canada have formed the AICPA/CPA Canada Privacy Task Force, which has developed privacy best practices and related services to help organizations manage privacy risk and implement good privacy practices.

Businesses are responsible for identifying the principal risks of the business and implementing appropriate measures to mitigate those risks. To determine the significance of privacy risk, it is important to conduct a privacy risk assessment. The results of that assessment will dictate whether, and to what extent, a privacy program should be established.

Personal information privacy risk can have a pervasive impact on a business. For example, it can lead to:

damage to the reputation of the business and to business relationships;
legal liability and sanctions;
charges of deceptive business practices;
customer and employee distrust;
denial of consent to use personal information for business purposes; and
lost business and consequential reduction in sales and profits.

This booklet highlights key questions a business should ask with the aim of understanding privacy risk, implementing a privacy program, managing privacy risk and obtaining privacy assurance.

Nancy A. Cohen, CPA.CITP, CIPP discusses the considerations for safeguarding personally identifiable information. As systems and processes become more complex and sophisticated, ever more personal information are being collected. Because more data is being collected and held, personal information may be at risk to a variety of vulnerabilities, including loss, misuse, unauthorized access, and unauthorized disclosure.